Technology running the world’s critical infrastructure is increasingly at risk of cyber attack,
according to in-depth research by Lloyd’s of London insurer Aegis London.

The study, conducted by BAE Systems, covers the evolution of cyber risk in the energy sector and
its impact on critical infrastructure businesses in the UK, Europe, US and Canada.

Researchers found that state-sponsored cyber attacks are a serious and evolving threat to power
and utility companies.

A survey of energy and utility companies showed that most respondents believe a cyber attack of
major significance and impact on critical operational infrastructure is highly likely.

The study revealed that power companies are better prepared to deal with cyber threats to their
operational technology than many recent media reports have indicated.

State-sponsored cyber attacks are a serious and evolving threat
to power and utility companies

The researchers said these organisations have a good understanding of the cyber threats they
face, and one of the biggest challenges energy companies and utilities face are constraints outside
their control. These include things like a lack of adequate and mature technology systems.

Cyber insurance

In response to the findings, Aegis London has introduced a new breed of cyber insurance for
operational technology and critical infrastructure, in addition to cover for data protection and
privacy issues.

The company’s CyberResilience product is designed to cover critical operational technology and
assets, before and after a cyber attack.

Some representatives of the security industry have accused utility companies of making security
trade-offs due to a lack of security expertise and/or inadequate resources to address security.

“Cyber attacks are no longer focused solely on IT environments,” said Alan Maguire, chairman of
Aegis London. “Cyber terrorists have turned their attention to operational technologies and the
critical infrastructure they support, so we have expanded our coverage accordingly.”

The insurance cover is offered in conjunction with specialised pre- and post-attack services
provided by cyber security partners who focus on the critical infrastructure industry.

“Now, for the first time, businesses can obtain secure and reliable cyber insurance cover and
service-based offerings for both operational and information technology,” said Maguire.

David Croom-Johnson, active underwriter at Aegis London, said: “We believe that vulnerabilities
in and threats to operational technology have the potential to lead to business interruption or
significant loss of operating capability and availability.

“These represent some of the most acute organisational risks currently facing critical
infrastructure, which is why we developed CyberResilience. However, this is only our first
step in evolving a complete suite of products and services around global critical infrastructure
cyber security,” he said.

Rick Welsh, head of cyber insurance at Aegis London, said cyber risks are one of the biggest
challenges the insurance industry faces today.

“Improving the security posture of critical infrastructure industries such as the energy sector
is paramount,” he said.

According to Welsh, the insurance product acknowledges the need to understand and underwrite the
relationship between industrial control systems and enterprise networks without disregarding the
impact of data security and privacy liability.

Email Alerts

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

It can be tempting to stray from the security roadmap security professionals have put in place when data breaches like the Sony and Anthem breaches are all over the news. But experts say it's crucial to stick to the security basics.

The Open Data Platform has arrived, but not all Hadoop vendors are on board. The initiative, aimed at boosting interoperability, formed a backdrop for discussion at the Strata + Hadoop World 2015 conference.